package com.xuxueli.applyModules.utils;
import com.xuxueli.applyModules.exception.ErrorException;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;


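/**
 * Parameter sanity check used as an additional guard against SQL injection.
 *
 * <p>This is a substring denylist. It is a defense-in-depth measure only and is not a
 * substitute for parameterized queries ({@code PreparedStatement}) in the data-access
 * layer; a denylist can never enumerate every dangerous input. Note that the list
 * contains a single space, so any parameter containing a space is rejected as well.
 */
public class StringFilterUtils {

    /**
     * Substrings that cause a parameter to be rejected; matching is case-insensitive.
     * Built once and immutable, so there is no lazy-init race between threads.
     */
    private static final List<String> SQL_FILTER_LIST = Collections.unmodifiableList(
            Arrays.asList("=", ">", "<", "!", " ", "delete", "update", "select", "insert",
                    "#", "$", "%", "?", "@", "&", "*", ";", ":"));

    /**
     * Rejects {@code param} if it contains any denylisted substring.
     *
     * <p>{@code null} and empty strings pass without checks. The comparison is done on
     * the lower-cased parameter using {@link Locale#ROOT} so the outcome does not depend
     * on the JVM default locale (e.g. Turkish dotless-i rules).
     *
     * @param param the raw value to check; may be {@code null}
     * @throws ErrorException with status 400 when a denylisted substring is present
     */
    public static void sqlFilter(String param) {
        if (param == null || param.isEmpty()) {
            return;
        }
        // Lower-case once instead of on every loop iteration.
        String lowered = param.toLowerCase(Locale.ROOT);
        for (String token : SQL_FILTER_LIST) {
            if (lowered.contains(token)) {
                throw new ErrorException(400, "参数["+param+"]含非法字符，操作终止!");
            }
        }
    }

}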
